Context Navigation

OpenVPN GUI (for Windows)

Note: This document applies mostly to OpenVPN-2.3.x (For Windows). OpenVPN-2.4.x includes the OpenVPN-Interactive-Service, which manages privilege separation quite successfully. (You are urged to upgrade if you have not). Instructions for using OpenVPN-GUI bundled with OpenVPN 2.4 are on this page.

Table of Contents

The official OpenVPN release for Windows ships with a GUI frontend called simply "OpenVPN-GUI" and can be found in the .\bin\ subdirectory of the installation path, with shortcuts placed on the desktop and start menu unless unselected during program installation. This wiki page describes how to use this GUI frontend.

The GUI lives in the system tray, so controlling one or more VPN processes is always done through the context menu of the GUI icon. When the GUI is launched, nothing will happen beyond placing the icon in the tray. To do something useful with the GUI, you need to interact with it by right-clicking to bring up the context menu.

Please note the GUI will start the VPN process in the context of the running user. When this user does not have administrative rights (or has rights limited through UAC) it will most likely fail to correctly start the VPN as routes and addressing cannot be changed by unprivileged users.

When starting the OpenVPN GUI, the standard Windows practice of right-clicking on the shortcut and selecting "Run As Administrator" will allow a UAC user to run it in administrative context. If the user lacks admin rights, it will be necessary to "Run As..." and enter credentials for an administrative user. Once started in this fashion, further interaction via the tray icon will be run in the context of the elevated user.

Creating and placing config files

By default, the GUI will present context entries to connect to any *.ovpn file under the .\config\ dir of the installation path (including subfolders.) If you do not place any config files here, the context menu in the GUI will not allow you to connect anywhere (since it has nowhere to connect to.)

Screenshot series demonstrating use

The screenshots below demonstrate use of the OpenVPN-GUI, step-by-step.

After Startup

After initially launching the OpenVPN-GUI program, the GUI icon will be show in the tray, as shown in the image below. Note that this icon can be hidden when marked "inactive" by the OS, so check the expanding arrows to the left of the system tray if it's started but not shown.

Context Menu

Right-clicking on the icon will pull up the context menu. This menu will allow you to connect any of the config files placed as explained above. Note that you must name these files with the .ovpn file extension. Windows has a bad habit of hiding "known" file extensions, so be careful not to name a config file something like Sample.ovpn.txt by mistake.

The screenshots below show the following context menu samples:

1) Context menu when no config files are present:

2) Context menu with a single config present:

3) Context menu with multiple configs present:

Connecting and Disconnecting

Once you have created a config file, going into the context menu and selecting the "Connect" entry will start openvpn on that config file. A status window will open up showing the log output while the connection attempt is in progress (see first screenshot below.) After successful connection, the status window will be hidden, but can be viewed from the context menu if desired.

Once connected, the context menu will allow that VPN to be disconnected; select that option to terminate the active connection.

Screenshot showing an active connection attempt:

Screenshot showing the context menu for an actively-connected VPN:

When one or more VPN instances are running from the GUI, the tray icon will change color to indicate this:

Source Code

Developers interested in source code for referenced, modification, or building can find it at the links below. Normal users will not need this.

Advanced Features

It is normally not necessary to use some of these advanced features, but they are described briefly below.

Setting a proxy

If a system proxy is required for outbound access to the Internet and the OpenVPN transport must use this proxy in order to send outbound data, the proxy settings under the Settings menu item can adjust this. By default, OpenVPN uses a proxy only if it was specified in the config file, but the GUI allows proxy settings to be used based on the system proxy, or a manually-defined proxy.

Change private key passphrase

If a private key is specified in the configuration, the Change Password selection in the context menu will allow a new passphrase to be specified.

Changing config dir location

The path to consider for locating .ovpn config files will default to the installed OpenVPN .\config\ dir. If desired, this can be changed via registry key at HKLM\SOFTWaRE\OpenVPN-GUI under the key config_dir.

Advanced registry changes

Other registry settings are available at the key noted above, and can be used by an administrator to hide portions of the context menu. This can include removing the Change Password and proxy settings. Note that a user is still able to manually decrypt or change passphrase on RSA keys outside the GUI, such as with the openssl utility. This feature applies only to the display menu options and is not a form of password management or file security.